Security Group Bypass Vulnerability in OpenStack Compute by OpenStack
CVE-2012-2654

Currently unrated

Key Information:

Vendor

Openstack
Status
Compute
Essex
Diablo
Vendor
CVE Published:
21 June 2012

What is CVE-2012-2654?

The EC2 and OS APIs in OpenStack Compute (Nova) versions Folsom, Essex, and Diablo do not properly validate the network protocol during the creation of security groups. This oversight allows remote attackers to bypass access restrictions if the protocol is not entirely specified in lowercase, potentially exposing sensitive resources and leading to unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/46808
third-party-advisoryx_refsource_SECUNIA
https://review.openstack.org/#/c/8239/
x_refsource_CONFIRM
https://github.com/openstack/nova/commit/9f9e9da777161426...
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.